[caclough]

I'm sorry, but I have no way to login other than the two accounts I've used and posted from. Not sure what to do? 

[Advertisements]

I just wanted you to log in with the account you logged in before and it wasn't a temporary account:

 

Running from C:\Users\HeatherSchmidt

 

Make sure to move the FRST tool from your Downloads folder on to your Desktop.

[DR M]

I just wanted you to log in with the account you logged in before and it wasn't a temporary account:

 

Running from C:\Users\HeatherSchmidt

 

Make sure to move the FRST tool from your Downloads folder on to your Desktop.

[caclough]

Will do shortly. Thank you

[DR M]

Two more days passed since your last reply, that you will do the scan shortly. If you really need assistance, please check this topic daily. As the time passes, things change in a system, especially if you use it, and this makes things complicated. If you don't have the time now, let me know, and I'll close the topic for now. You can return with a new one when you are ready.

[caclough]

Yes, sorry. I know things change, but my home internet is spotty and I have not been unable to run a scan. I thought I would be able to Friday by the end of the day, but I was unable. 

[caclough]

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 12/19/23

Scan Time: 2:06 PM

Log File: 0e26f614-9eaa-11ee-95c8-f06e0bb81b43.json

 

-Software Information-

Version: 4.6.7.301

Components Version: 1.0.2222

Update Package Version: 1.0.78614

License: Trial

 

-System Information-

OS: Windows 10 (Build 19045.3693)

CPU: x64

File System: NTFS

User: System

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Scheduler

Result: Completed

Objects Scanned: 318176

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 5 min, 26 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

Attached Files

•  Addition.txt   20.51KB   48 downloads
•  FRST.txt   30.12KB   51 downloads

[DR M]

1. Move FRST
 
Please, move FRST tool from your Downloads folder on to your Desktop.
 
 
2. Change a Malwarebytes setting

• Double click the program's icon on your Desktop, as you did before.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  

  Under the title Scan Options, all the options are checked.
  Under the title Windows Security Center (Premium only) the option is unchecked.
  Under the title Potentially unwanted items all options are set to Always.

 

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-12-19] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-12-19] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RunOnce: [Uninstall 23.226.1031.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.226.1031.0003" [0 2023-12-15] () <==== ATTENTION [zero byte File/Folder]
CMD: reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

[caclough]

Attached.

Attached Files

•  Fixlog.txt   4.13KB   50 downloads

[DR M]

Thanks.

 

Go to C, and find profile.txt. Please attach the file in your next reply. 

[caclough]

Attached.

Attached Files

•  Profile.txt   12.76KB   56 downloads

[DR M]

Several User accounts are present in the log:
 
HeatherSchmidt
JohnMilazzo
CollinMayer
LyleTimm
Chad Clough
MiriamSchaewe
Stpau
 
Do you recognize all these accounts?

Some things I would like to see now (use the account you used for the FRST logs, please):

1. Your account info

Go to Settings (press the Windows logo key on the keyboard together with letter i), then Accounts. From the menu at the left choose Your Info. Please take a screenshot of what you see.

2. Users

Open File explorer (press the Windows logo key on the keyboard together with letter r, type Explorer and press Enter).
From the menu at the left choose My PC, then double click on C and then choose Users.
Please take a screenshot of what you see.

3. Users accounts from Control Panel

In the Search area type Control Panel and select it.
Select View by Large Icons and find Users accounts. Select it.
Please take a screenshot of what you see.

[caclough]

4 accounts were coworkers that no longer have access to the computer. 

I can login on two of the other accounts but not stpau for some reason. 

 

I should hopefully get the screenshots today.

[DR M]

OK.

 

Please, let me also know which accounts would you like to remove and which accounts would you like to keep. Do you have documents you would like to save in stpau account? 

[DR M]

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member, or send me a personal message (hoover with the mouse on my profile name and choose Send message).